Stuart - 1 year ago
Node.js Question

Hapi.js Bell/Auth-Cookie Redirect Loop

I am trying to set up Google auth for a Hapi.js project and I cannot see why I am getting a redirect loop back to my login route after logging in.

This is only occurring if the user wasn't already logged into their Google account or hasn't yet granted permission for the app to access their info.

This is the auth registration code:

    // 'session' is registered as the default strategy (third argument `true`)
    server.auth.strategy('session', 'cookie', true, {
        password: 'private_key',
        redirectTo: '/login/google'
    });

    // bell handles the OAuth exchange with Google
    server.auth.strategy('google', 'bell', {
        provider: 'google',
        password: 'private_key',
        clientId: 'client_id',
        clientSecret: 'client_secret',
        location: 'same_origin_registered_with_google'
    });

And these are my two routes:

    server.route([
        {
            method: ['GET', 'POST'],
            path: '/login/google',
            config: {
                auth: {
                    strategy: 'google',
                    mode: 'try'
                },
                // keep the cookie scheme from redirecting the login route to itself
                plugins: { 'hapi-auth-cookie': { redirectTo: false } },
                handler: (request, reply) => {
                    if (!request.auth.isAuthenticated) {
                        return reply('Authentication failed due to: ' + request.auth.error.message);
                    }

                    let creds = request.auth.credentials;

                    // store the session in the auth cookie
                    request.cookieAuth.set({
                        token: creds.token,
                    });

                    return reply.redirect('/');
                }
            }
        },
        {
            method: 'GET',
            path: '/',
            handler: (request, reply) => {
                return reply('hello');
            }
        }
    ]);

To note, the auth cookie is being set and once the redirect loop has exited I can navigate to the "/" route manually no problem.

Any help with this is much appreciated.

Answer Source

This is due to hapi-auth-cookie not yet dealing with the isSameSite cookie option in hapi 15, causing the cookie not to be sent back to the server.

You can solve this by manually setting the option.

More information can be found in the hapi 15 release notes and the PR on hapi-auth-cookie.
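
A simplified model of the browser's SameSite decision, replayed over the two routes from the question, shows why a `Strict` cookie loops only after the Google consent screen and why `Lax` does not. It is an added example, not code from the question or the answer. The host name `app.example`, the redirect cap and the rule that redirects inherit the initiator of the navigation are assumptions of the model.

```javascript
// Added example: simplified model of the browser's SameSite rule.
// Host names and the redirect cap are constructed for illustration.
const APP = 'app.example';          // hypothetical site running the hapi server
const IDP = 'accounts.google.com';  // where the consent screen is shown

// Would the browser attach a cookie with this SameSite value to the request?
function cookieSent(sameSite, { initiator, target, method, topLevel }) {
    if (initiator === target) return true;           // same-site request
    if (sameSite === 'Strict') return false;         // never sent cross-site
    if (sameSite === 'Lax') return topLevel && method === 'GET';
    return true;                                     // attribute absent (isSameSite: false)
}

// Replays the two routes from the question. `initiator` is the site that
// started the navigation; assumption: redirects inherit it.
function simulateLogin(sameSite, initiator, maxRedirects = 20) {
    const nav = { initiator, target: APP, method: 'GET', topLevel: true };
    let cookieStored = false;
    let path = '/login/google';                      // OAuth callback lands here
    for (let hops = 1; hops <= maxRedirects; hops++) {
        if (path === '/login/google') {
            cookieStored = true;                     // request.cookieAuth.set(...)
            path = '/';                              // reply.redirect('/')
        } else if (cookieStored && cookieSent(sameSite, nav)) {
            return { loggedIn: true, hops };         // 'session' strategy accepts
        } else {
            path = '/login/google';                  // redirectTo, then Google bounces back
        }
    }
    return { loggedIn: false, hops: maxRedirects };  // browser gives up: redirect loop
}

// User clicked "Allow" on Google's page: the chain is cross-site.
console.log('Strict, via consent:', simulateLogin('Strict', IDP));
// User was already signed in: the chain started on the app's own site.
console.log('Strict, no prompt:  ', simulateLogin('Strict', APP));
console.log('Lax, via consent:   ', simulateLogin('Lax', IDP));
```

`Lax` still withholds the cookie from cross-site POST requests, so it keeps protection that setting the option to `false` would give up.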
